[squid-users] HTML NTLM and 2.6 not behaving

From: NOCTECH noctech <NOCTECH@dont-contact.us>
Date: Fri, 14 Mar 2008 14:12:20 -0400

Having a rather difficult to fathom problem with a user logging into
some external Outlook WebAccess webmail server. I've read a bunch of
posts about the problems with NTLM and Squid <= 2.5, but this one is
stumping me.

A little bit about our setup -- using multiple squid and dg boxes and a
WCCP router to transparently cache/filter the web.

Most of our squid caches are 2.6, but we still have two remaining that
are version 2.5 that we're phasing out. The odd thing is, the login
seems to work correctly with squid 2.5 and incorrectly with 2.6, which
is exactly backwards of what I expect. When I proxy directly to one of
the squid 2.6 boxes, specifically:

Squid Cache: Version 2.6.STABLE18
configure options: '--prefix=/usr' '--sysconfdir=/etc/squid'
'--bindir=/usr/sbin' '--sbindir=/usr/sbin' '--localstatedir=/var'
'--libexecdir=/usr/sbin' '--datadir=/usr/share/squid'
'--mandir=/usr/share/man' '--with-maxfd=4096' '--disable-useragent-log'
'--enable-ssl' '--with-openssl' '--disable-ident-lookups'
'--enable-poll' '--enable-truncate' '--enable-gnuregex'
'--enable-async-io' '--with-pthreads' '--with-aio' '--with-dl'
'--enable-storeio=aufs,diskd,ufs,coss,null'
'--enable-removal-policies=heap,lru' '--enable-kill-parent-hack'
'--enable-forw-via-db' '--enable-linux-netfilter' '--enable-underscores'
'--enable-x-accelerator-vary'

I get a login box (in firefox) that reads:
Enter username and password for "" at http://mail.example.com

When I put in the credentials and click OK, the box just keeps coming
back. When I click cancel, I get a different login box:
Enter username and password for "mail.example.com" at
http://mail.example.com

and the login works.

If I proxy directly to one of the 2.5 boxes:
Squid Cache: Version 2.5.STABLE4
configure options: --disable-useragent-log --enable-ssl --with-openssl
--disable-ident-lookups --enable-poll --enable-truncate
--enable-gnuregex --enable-async-io --with-pthreads --with-aio --with-dl
--enable-storeio=aufs,diskd,ufs,coss,null
--enable-removal-policies=heap,lru --enable-kill-parent-hack
--enable-forw-via-db --enable-linux-netfilter --enable-underscores
--enable-x-accelerator-vary

It goes directly to the second login box.

Any thoughts? Any information I can provide to be helpful?

Sean
Received on Fri Mar 14 2008 - 12:13:05 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Apr 01 2008 - 13:00:05 MDT